The United States vs Craig Neidorf

Journal:   Communications of the ACM  March 1991 v34 n3 p24(9)
           * Full Text COPYRIGHT Association for Computing Machinery 1991.
-----------------------------------------------------------------------------
Title:     The United States vs. Craig Neidorf: a debate on electronic
           publishing, constitutional rights and hacking. (one of three
           articles) (Cover Story)
Author:    Denning, Dorothy E.

Summary:   Craig Neidorf was a college student accused of fraud and
           interstate transportation of stolen property as a result of a
           document published in his electronic newsletter, Phrack.  The case
           ended after four days of trial when the government dropped its
           charges.  The charges against Neidorf came as part of a two-year
           investigation into illegal activity, during which the government
           seized over 40 systems and 23,000 disks.  The seizures, and the
           Neidorf case, raise serious questions about the liabilities and
           responsibilities of system users.  Neidorf's indictment has been
           seen by some as a threat to the freedom of the press.  On the
           other hand, publications that print information that encourages
           people to conduct illegal break-ins should not be considered proper
           simply because they are protected under the First Amendment.  Some
           of the activities that might decrease illegal hacking include
           teaching computer ethics, both in classrooms and in professional
           forums.
-----------------------------------------------------------------------------
Descriptors..
Topic:     Computer crimes
           Electronic publishing
           Freedom of information
           Ethics.
Person:    Neidorf, Craig (Cases).

Record#:   10 489 782.
-----------------------------------------------------------------------------
*Note*    Only Text is presented here; see printed issues for graphics.
Full Text:

The United States vs.  Craig Neidorf

In 1983, the media publicized a series of computer break-ins by teenagers in
Wisconsin nicknamed "414 hackers."  At about the same time, the popular movie
WarGames depicted a computer wizard gaining access to the North American Air
Defense (NORAD) Command in Cheyenne Mountain, Colorado and almost triggering
a nuclear war by accident.  Since then, a stereotype of a computer hacker (1)
has emerged based upon unscrupulous young people who use their computer
skills to break into systems, steal information and computer and
telecommunication resources, and disrupt operations without regard for the
owners and users of the systems.

Well-publicized incidents, such as the Internet worm [6] and the German
hackers who broke into unclassified defense systems and sold information to
the KGB [7], have reinforced that stereotype and prompted policy makers and
law enforcers to crack down on illegal hacking.  In May 1990, 150 Secret
Service agents executed 27 search warrants and seized 40 systems as part of
Operation Sun Devil, a two-year investigation led by Arizona prosecutors into
incidents estimated to have cost companies millions of dollars.  Another
investigation involving prosecutors in Atlanta and Chicago led to several
indictments.

Reports on some of the seizures and indictments provoked an outcry from
people in the computer industry who perceived the actions taken by law
enforcers as a threat to constitutional rights.  One case in particular that
was cited as an example of threats against freedom of the electronic press
was that of Craig Neidorf--a college student accused by the U.S.  government
of fraud and interstate transportation of stolen property regarding a
document published in his electronic newsletter, Phrack.  The trial began on
July 23, 1990, and ended suddenly four days later when the government dropped
the charges.  I attended the trial as an expert witness for the defense.

OVERVIEW OF THE CASE

Craig Neidorf is a pre-law student at the University of Missouri.  At the age
of 13, he became interested in computers, an extension of an earlier intense
interest in Atari 2600 and other video games.  At 14, he adopted the handle
Knight Lightning on computer networks and bulletin boards.  At 16, he and a
childhood friend started an electronic newsletter called Phrack.  The name
was composed from the words phreak and hack, which refer to
telecommunications systems (phreaking) and computer systems (hacking).  To
Phrack readers and contributors, phreaking and hacking covered both legal and
illegal activities, and some of the articles in Phrack provided information
that could be useful for someone trying to gain access to a system or free
use of telecommunications lines.  To some law enforcers and computer security
professionals, Phrack was seen as a possible breeding ground for computer
criminals.  They found issues of Phrack among the evidence of cases under
investigation, and a hacker told them that Phrack had provided information
that helped him get started.

Phrack published 30 issues from November 1985 through 1989.  Neidorf's main
role with the newsletter was editor of a column called "Phrack World News."
In addition, he was the publisher of issue 14, and co-editor/publisher of
issues 20-30.  As publisher, he solicited articles from authors, assembled
the articles he received into an issue, and distributed the issue to an
electronic mailing list.

On January 18, 1990, Neidorf received a visit from an agent of the U.S.
Secret Service and a representative of Southwestern Bell Security regarding a
document about the Enhanced 911 (E911) emergency system.  This document,
which was in the form of a computer text file, had been published in Issue 24
of Phrack.  During this visit, Neidorf, believing he had done nothing wrong,
cooperated and turned over information.  The next day, the visitors returned
with a representative from the campus police and a search warrant.  Neidorf
was also asked to contact the U.S.  Attorney's office in Chicago.  He did,
and on January 29 arrived at that office, accompanied by a lawyer, for
further interrogation.  Again, the young publisher turned over information
and answered their questions.  Neither he nor his attorney was informed that
four days earlier evidence had been presented to a federal grand jury in
Chicago for the purpose of indicting him.  On February 1, the grand jury was
given additional evidence and charged Craig Neidorf with six counts in an
indictment for wire fraud, computer fraud, and interstate transportation of
stolen property valued at $5,000 or more.

In June 1990, the grand jury met again and issued a new indictment that
dropped the computer fraud charges, but added additional counts of wire
fraud.  Neidorf was now charged with 10 felony counts carrying a maximum
penalty of 65 years in prison.

The indictment centered on the publication of the E911 text file in Phrack.
The government claimed the E911 text file was a highly proprietary and
sensitive document belonging to BellSouth and worth $23,900.  They
characterized the document as a road map to the 911 phone system, and claimed
that its publication in Phrack allowed hackers to illegally manipulate the
911 computer systems in order to disrupt or halt 911 service.  They further
claimed that the document had been stolen from BellSouth by Robert Riggs,
also known as The Prophet, and that the theft and publication of the document
in Phrack was part of a fraudulent scheme devised by Neidorf and members of
the hacking group Legion of Doom, of which Riggs was a member.  The object of
the scheme was to break into computer systems in order to obtain sensitive
documents and then make the stolen documents available to computer hackers by
publishing the documents in Phrack.  The government claimed that as part of
the fraudulent scheme, Neidorf solicited information on how to illegally
access computers and telecommunication systems for publication in Phrack as
"hacker tutorials."  The term hacker was defined in the indictment as an
individual "involved with the unauthorized access of computer systems by
various means."

On May 21, 1990 Neidorf called me to request a copy of my paper about
hackers, which I was preparing for the National Computer Security Conference
[1].  Although I had not talked with him before that time, I knew who he was
because I had been following his case in the Computer Underground Digest, an
electronic newsletter, and in various Usenet bulletin boards.  Based on what
I had read, which included the E911 file as published in Phrack, I did not
see how the E911 file could be used to break into the 911 system or, for that
matter, any computer system.  I was concerned that Neidorf may have been
wrongly indicted.  I was also concerned that a wrongful conviction--a
distinct possibility in a highly technical trial--could have a negative
impact on electronic publication.

In late June, I received a call from Neidorf's attorney, Sheldon Zenner of
the firm Katten, Muchin & Zavis in Chicago.  After several conversations with
Neidorf and Zenner, I agreed to be an expert witness and provide assistance
throughout the trial.

Zenner told me that John Nagle, an independent computer scientist in Menlo
Park, California, had gathered articles, reports, and books on the E911
system from the Stanford University library and local bookstores, and by
dialing a Bellcore 800 number.  After Nagle showed me the published
documents, I agreed with his conclusion that Phrack did not give away any
secrets.  Nagle was also planning to go to Chicago to help with the defense
and possibly testify.

Meanwhile, I gathered articles, books, and programs that showed there are
plenty of materials in the public domain that are at least as useful for
breaking into systems as anything published in Phrack.  (Some of these are
referenced later.)

THE TRIAL

The trial began on July 23, 1990 in Chicago's District Court for the Northern
District of Illinois.  It was expected to last two weeks, with the government
presenting its case during the first week.  I helped prepare the cross
examinations of the government's witnesses and expected to testify sometime
during the second week.

After a day of jury selection, the trial began with Assistant U.S.  Attorney
William Cook making the opening remarks for the prosecution.  Cook reviewed
the government claims, weaving a tale of conspiracy between Neidorf, Riggs,
and members of the Legion of Doom who had broken into BellSouth computers.

Zenner then presented his opening remarks for the defense.  He reviewed
Neidorf's history and involvement with Phrack, noting that the goal of the
newsletter was the free exchange of information.  He challenged the claims of
the government and outlined the case for the defense.  He noted how the
government had indicted Neidorf despite his extensive cooperation with them.
He said that Neidorf believed his actions were covered by the First
Amendment, and that his beliefs were formed from college classes he took as a
pre-law student on constitutional law and civil liberties.

The government's witnesses through Thursday afternoon included Riggs, the
Secret Service agent, and employees of Bellcore and of BellSouth and its
subsidiaries.  The evidence brought out during the examination and
cross-examination of these witnesses indicated the E911 text file was not the
highly sensitive and secret document that BellSouth had claimed, that
BellSouth had not treated the document as though it were, and that Neidorf
had not conspired with Riggs.  Although this seemed like cause for optimism,
Zenner reminded us that the government loses very few cases.

On Friday morning, I arrived at the law offices to learn the government had
been talking with Zenner about dropping the felony charges in exchange for a
guilty plea to a misdemeanor.  Neidorf, however, would not accept a charge
for something he had not done.  Meanwhile, Zenner was meeting with the U.S.
attorneys.  I went to the courtroom, where Zenner told me the government was
now considering dropping all charges.  Zenner was willing to lay out the case
for the defense to the prosecution; he asked Nagle and me to go to the U.S.
Attorney's office and answer all their questions.  We went, and Cook went
through the E911 file paragraph by paragraph asking us for evidence that the
material was in the public domain.  Nagle answered most of the questions,
pointing Cook to the relevant public documents and demonstrating that the
E911 Phrack file did not give away any secrets.

We then went to the courtroom to await the final decision.  Shortly
thereafter, the court resumed, and Judge Nicholas Bua announced the
government's decision to drop charges, dismissed the jury, and declared a
mistrial.  Five of the jurors were asked to remain and were interviewed by
Bua and both attorneys.  At midday, the court adjourned.

Although Neidorf was freed of all criminal charges, he was not free of all
costs.  The trial cost of $100,000 was incurred by him and his family.

KEY DOCUMENTS

The government's case focused on several documents that were published in
Phrack or were included in electronic mail between Neidorf and others.  These
included the following: the E911 text file and Phrack version of that file;
the hacker tutorials published in Phrack Issue 22; a Trojan horse login
program; an announcement of The Phoenix Project in Phrack Issue 19; and some
email correspondence between Neidorf and Riggs.  All these documents were
introduced as evidence by the government during the presentation of its case.

The E911 Text File

Riggs testified that sometime during the summer of 1988, he accessed a
BellSouth system called AIMSX and downloaded a file with a document issued by
BellSouth Services titled "Control Office Administration of Enhanced 911
Services for Special Services and Major Account Centers," Section
660-225-104SV, Issue A, March 1988.  The document, which contains
administrative information related to E911 service, installation, and
maintenance, bears the following notice on the first page: "Not for use or
disclosure outside BellSouth or any of its subsidiaries except under written
agreement."  Sometime prior to September 1988, Riggs transferred the file to
a public Unix(TM) system called Jolnet, where it remained until July
1989.

Riggs testified he sent the E911 text file to Neidorf via email from Jolnet
in January 1989 for publication in Phrack.  He said he asked Neidorf to edit
the file so that it would not be recognizable by BellSouth, and to publish it
under the handle "The Eavesdropper."  Neidorf removed the nondisclosure
notice and deleted names, locations, and telephone numbers, and published it
in Phrack Issue 24 on February 24, 1989.  The edited document was less than
half the size of the original document, and was split into two Phrack files,
the first (file 5) containing the main text and the second (file 6)
containing the glossary of terms.

The government claimed that the E911 text file and Phrack version contained
highly sensitive and proprietary information that provided a road map to the
911 system and could be used to gain access to the system and disrupt
service.  The claim was based on a statement made by an employee of Bellcore.

As noted earlier, Nagle had located articles and pamphlets that contained
much more information about the E911 system than the Phrack file.  During
cross examination of the government's witness who was responsible for the
practice described in the E911 document, Zenner showed the witness two of
these pamphlets available from Bellcore via an 800 number for $13 and $21
respectively.  The witness, who had not seen either report before and was
generally unfamiliar with the public literature on E911, agreed that the
reports also gave road maps to the E911 system and included more information
than was in Phrack.  The witness also testified that a nondisclosure stamp is
routinely put on every BellSouth document when it is first written, thereby
weakening any argument that the document contained particularly sensitive
trade secrets.

The defense was prepared to argue that the E911 text file contained no
information that was directly useful for breaking into the E911 system or any
computer system.  There were no dial-up numbers, no network addresses, no
accounts, no passwords, and no mention of computer system vulnerabilities.
The government claimed that the names, locations, organization phone numbers,
and jargon in the E911 text file could be useful for social engineering--that
is, deceiving employees to get information such as computer accounts and
passwords.  However, the Phrack version omitted the names, locations, and
phone numbers, and the jargon was all described in the published literature.
Thus, the E911 Phrack file seemed no more useful for social engineering than
the related public documents.

The defense was also prepared to show that BellSouth had not treated the
document as one would expect a document of such alleged sensitivity to be
treated.  Riggs testified that the account he had used to get into AIMSX had
no password.  AT&T security was notified in September 1988, that the E911
text file was publicly available in Riggs's directory on Jolnet, and Bellcore
security was notified of this in October.  This was two months before Riggs
mailed the file to Neidorf for inclusion in Phrack, and about four months
before its publication in Phrack.  Still, no legal action was taken until
July 1989, nine months from the time Bellcore was aware of the file's
presence on Jolnet.  At that point, Bellcore and BellSouth asserted to the
government that a highly sensitive and dangerous document was stolen.  They
urged the U.S.  Secret Service to act immediately because of the purported
risk posed by the availability of this "dangerous" information.  However,
they did not tell the Secret Service that they had discovered all of this
nine months earlier.  The government responded immediately with a subpoena
for Jolnet.  The defense believed that BellSouth's delay in acting to protect
the E911 document was inconsistent with its claim that the document contained
sensitive information.  To its credit, however, BellSouth did strengthen the
security of its systems following the break-ins.

The Hacker Tutorials

The government claimed that three files in Phrack Issue 22 were tutorials for
breaking into systems and, as such, evidence of a fraudulent scheme to break
into systems, steal documents, and publish them in Phrack.  These files,
which corresponded to one count of the indictment, were:

4.  "A Novice's Guide to Hacking--1989 Edition" by The Mentor.

5.  "An Indepth Guide in Hacking Unix and The Concept of Basic Networking
Utility" by Red Knight.

6.  "Yet Another File on Hacking Unix" by Unknown User.

Files 4 and 5 of Phrack 22 briefly introduce the art of getting computer access
through weak passwords and default accounts, while File 6 contains a
password-cracking program.  Most of file 5 is a description of basic commands
in Unix, which can be found in any Unix manual.  After examining these and
other Phrack files, I concluded that Phrack contained no more information
about breaking into systems than articles written by computer security
specialists and published in journals such as the Communications of the ACM,
AT&T Bell Technical Journal, Information Age, and Unix/WORLD, and in books.
For example, Cliff Stoll's popular book The Cuckoo's Egg [7] has been
characterized as a "primer on hacking."  Information that could be valuable
for breaking passwords is given in the 1979 paper on password vulnerabilities
by Morris and Thompson of Bell Laboratories [4].  A recent article by
Spafford gives details on the workings of the Internet worm [6].

Password-cracking programs are publicly available intentionally so that
system managers can run them against their own password files in order to
discover weak passwords.  An example is the password cracker in COPS, a
package that checks a Unix system for different types of vulnerabilities.
The complete package can be obtained by anonymous FTP from ftp.uu.net.  Like
the password cracker published in Phrack, the COPS cracker checks whether any
of the words in an on-line dictionary correspond to a password in the
password file.

Another file that the prosecution brought into evidence during the trial was
file 6 in Phrack Issue 26, "Basic Concepts of Translation," by The Dead Lord
and The Chief Executive Officers.  This file, which described translation in
Electronic Switching System (ESS) switches, contained a phrase "Anyone want
to throw the ESS switch into an endless loop????" in a section on indirect
addressing in an index table.  This remark can be interpreted as a joke, but
even if it were not, the information in the article seems no worse than
Ritchie's code for crashing a system, which is published in the Unix
Programmer's Manual with the comment "Here is a particularly ghastly shell
sequence guaranteed to stop the system: ..." [5].

The government's claims that these files were part of a fraudulent scheme
were disproved by Riggs's testimony and email (discussed later) showing that
Neidorf and Riggs had not conspired to commit fraud by stealing property and
publishing stolen documents.

By publishing articles that expose system vulnerabilities, Phrack, in one
sense, is not unlike some professional publications such as those issued by
the ACM.  The Association
encourages publishing such articles on the grounds that in the long term, the
knowledge of vulnerabilities will lead to the design of systems that are
resistant to attacks and failures.  But, there is an important difference
between the two publications.

ACM explicitly states that it does not condone unauthorized use or disruption
of systems, it discourages authors of articles about vulnerabilities from
writing in a way that makes attacks seem like a worthy activity, and it
declines to publish articles that appear to endorse attacks of any kind.  In
addition, the ACM is willing to delay publication of an article for a short
time if publishing the information could make existing systems subject to
attack.

By comparison, Phrack appears to encourage people to explore system
vulnerabilities.  In "A Novice's Guide to Hacking," The Mentor gives 11
guidelines to hacking.  The last says "Finally, you have to actually hack. . . .
There's no thrill quite the same as getting into your first system . . ."
Although the guidelines tell the reader "Do not intentionally damage
*any* system," they also tell the reader to alter those system files "needed
to ensure your escape from detection and your future access." (2)  The
wording can be interpreted as encouraging unauthorized but non-malicious
break-ins.  Thus, whereas reading Phrack could lead one to the assessment
that it promotes illegal break-ins, reading an ACM publication is likely to
lead to the assessment that it discourages such acts and promotes protective
actions.

The actual effect of either publication on illegal activities or computer
security, however, is much more difficult to determine, especially since both
publications are available to anyone.  Computer security specialists who read
Phrack may have found it useful to know what vulnerabilities intruders were
likely to exploit, while hackers who read Communications of the ACM may have
learned something new about breaking into systems or implanting viruses.  The
Phrack reports on people who were arrested may have discouraged some budding
young hackers from performing illegal acts; they also may have reminded
hackers to take greater measures to cover up their tracks and avoid being
caught.

Even if Phrack promoted certain illegal actions, this does not make the
publication itself illegal.  The First Amendment protects such publication
unless it poses an imminent danger to society.  The threshold for this
condition is sufficiently high that, although courts have discussed its
theoretical existence, it has never been met.

The Trojan Horse Login Program

The government found a modified version of the AT&T System V 3.2 login
program in Neidorf's files.  The program, which was modified and sent to
Neidorf by someone currently under indictment, was part of the AT&T Unix
source code and had "copyright" and "proprietary" stamps scattered
throughout.  The modifications included a Trojan horse that captured accounts
and passwords, saving them in a file that could later be retrieved.  The
government claimed that Neidorf's possession of this program demonstrated his
intentions to promote illegal break-ins and the theft of proprietary
information.  To support its case, it brought into evidence email where
Neidorf was relaying messages between two other parties.  One party said he
had other Unix sources, including 4.3 BSD Tahoe; the other asked for the
Tahoe source so he could install the login program on some Internet sites.

The defense believed the government's allegations against Neidorf were weak
on three grounds.

First, as with any publisher, the mere receipt of a document is not proof of
intent to perform illegal acts.

Second, after observing that the source code contained notices that the code
was copyrighted and proprietary, Neidorf asked someone at Bellcore security
for advice on what to do.  This action added credibility to his claim that he
had no intent to perform illegal acts and that he did not know that
publishing the E911 text could be illegal.  Although the E911 file had a
nondisclosure notice, the notice did not contain the words "copyright" or
"proprietary."

Third, how to write a Trojan horse login program is no secret.  For example,
such programs have been published in Stoll's book [7] and an article by
Grampp and Morris [2].  Also, in his ACM Turing lecture, Ken Thompson, one
of the Bell Labs coauthors of Unix, explained how to create a powerful Trojan
horse that would allow its author to log onto any account with either the
password assigned to the account or a password chosen by the author [8].
Thompson's Trojan horse had the additional property of being undetectable in
the login source code.  This was achieved by modifying the C compiler so that
it would compile the Trojan horse into the login program.

The Phoenix Project and Email Correspondence

Issue 19, File 7 of Phrack announced "The Phoenix Project," and portrayed it
as a new beginning to the phreak/hack community where "Knowledge is the key
to the future and it is FREE.  The telecommunications and security industries
can no longer withhold the right to learn, the right to explore, or the right
to have knowledge."  The new beginning was to take place at SummerCon '88 in
St. Louis.

The government claimed this announcement was the beginning of the fraudulent
scheme to solicit and publish information on how to access systems illegally,
and its publication accounted for one of the counts in the indictment.  Yet,
the announcement explicitly says "The new age is here and with the use of
every *LEGAL* means available, the youth of today will be able to teach the
youth of tomorrow. . . . the practice of passing illegal information is
not a part of this convention."  Security consultants and law enforcers were
invited to attend SummerCon.

Although Neidorf was not charged with any crimes in 1988, the Secret Service
sent undercover agents to SummerCon '88 to observe the meeting.  They
secretly videotaped Neidorf and others through a two-way mirror during the
conference for 15 hours.  What did they record?  A few minors drinking beer
and eating pizza!  Zenner asked to introduce these tapes as evidence for the
defense, but the prosecution objected and Judge Bua sustained their
objection.

Two counts of the indictment involved email messages from Neidorf to Riggs
and "Scott C."  These messages, which were also alleged to be part of the
fraudulent scheme, were basically discussions of particular individuals,
mainly members of the Legion of Doom.  The messages contained no plots to
defraud any organization and no solicitations for illegal information.

RIGHTS AND RESPONSIBILITIES

Neidorf's indictment came in the midst of a two-year investigation of illegal
activity that involved the FBI, Secret Service, and other federal and local
law enforcement agencies.  As part of the investigation, the government
seized over 40 systems and 23,000 disks.  Several bulletin board systems were
shut down in the process, including the Jolnet system on which Riggs stored
the E911 document.  In most cases, no charges have yet been made against the
person owning the equipment, and equipment that seemed to have little bearing
on any illegal activity, such as a phone answering machine, was sometimes
included in the haul.  The Phrack case and computer seizures raised concerns
about freedom of the press, protection from unnecessary searches and
seizures, and the liabilities and responsibilities of system operators and
owners.  In this section, I shall discuss these issues and give some of my
own opinions about them.

Electronic Publications

Some observers interpreted Neidorf's indictment as a threat to freedom of the
press in the electronic media.  The practice of publishing materials obtained
by questionable means is common in the news media, and publication of the
E911 file in Phrack was compared with publication of the Pentagon Papers in
the New York Times and Washington Post.  The government had tried
unsuccessfully to stop publication of the Pentagon Papers, arguing that
publication would threaten national security.  The Supreme Court held that
such action would constitute a "prior restraint" on the press, prohibited by
the First Amendment.  It therefore surprises me that there is any doubt that
electronic publications should be accorded the same protection as printed
ones.

Shortly before the Phrack case came to trial, Mitchell Kapor and John Barlow
founded the Electronic Frontier Foundation (EFF) in order to help raise
public awareness about civil liberties issues and to support actions in the
public interest to preserve and protect constitutional rights within the
electronic media.  The EFF hired the services of Terry Gross, attorney with
the New York law firm Rabinowitz, Boudin, Krinsky & Lieberman, to provide
legal advice for the Phrack case; Gross submitted two friend-of-the-court
briefings seeking to have the indictment dismissed because it threatened
constitutionally protected speech.  The trial court judge denied EFF's
motion, but as it turned out, the charges were dropped before the issue was
seriously discussed during the Neidorf trial.

Although certain information may be published legally, authors and publishers
should consider how such information might be interpreted and used.  In the
case of hacker publications, the majority of readers are impressionable young
people who are the foundation of the future.  Articles which encourage
illegal break-ins or contain information obtained in this manner should not
simply be dismissed as proper just because they are protected under First
Amendment rights.

Searches and Seizures

The seizures of bulletin boards and other systems raised questions about the
rights of the government to take property and retain it for an extended
period of time when no charges have been made.  At least one small business,
Steve Jackson Games, claims to have suffered a serious loss as a result of
having equipment confiscated for over three months.  According to Jackson,
the Secret Service raid cost his company $125,000, and he had to lay off
almost half of his employees since all of the information about their next
product, a game called GURPS CYBERPUNK, was on the confiscated systems.  Some
of the company's equipment was severely damaged, and data was lost.  No
charges have been made.

Seizing a person's computer system can be comparable to taking every document
and piece of correspondence in that person's office and home.  It can shut
down a business.  Moreover, by taking the system, the government has the
capability of reading electronic mail and files unrelated to the
investigation; such broad seizures of paper documents are generally not
approved by judges issuing search warrants.

For these reasons, it has been suggested that the government not be allowed
to take complete systems, but only the files related to the investigation.
In most cases, this seems impractical.  There may be megabytes or even
gigabytes of information stored on disks, and it takes time to scan through
that much information.  In addition, the system may have nonstandard hardware
or software, making it extremely difficult to transfer the data to another
machine and process it.  Similarly, if a computer is seized without its
printer, it may be extremely difficult to print out files.  Finally,
originals are needed for evidence in court, and the evidence must be
protected up to the time of trial.  However, if the government can be
reasonably confident that the owner of the system has not participated in or
condoned the activities under investigation, then it may be practical for the
government to issue a subpoena for certain files rather than seize the entire
system.

When a complete system is seized, it seems reasonable that the government be
required under court order to provide copies of files to the owner at the
owner's request and expense within some time limit, say one week or one
month.

If a system shared by multiple users is seized, the search should be
restricted to mail and files belonging to the users under investigation.

Liabilities and Responsibilities of System Operators and Owners

The bulletin board seizures sent a chill through the legitimate network
community, raising questions about the liabilities of an operator of a
bulletin board or of any system.  Operators of these boards asked if they
needed to check all information passing through the system to make sure there
is nothing that could be interpreted as a stolen, proprietary document or as
part of a fraudulent scheme.

Computer bulletin boards have been referred to metaphorically as electronic
meeting places where assembly of people is not constrained by time or
distance.  Public boards are also a form of electronic publication.  It would
seem, therefore, that they are protected by the constitution in the same way
that public meeting places and nonelectronic publications such as newspapers
are protected.  This, of course, does not necessarily mean they should be
free of all controls, just as public meetings are not entirely free of
control.

Bulletin board systems often provide private directories and electronic mail.
Private mail and files should be given the same protections from surveillance
and seizure as First Class Mail and private discussions that take place in
homes or businesses.  I believe the Electronic Communications Privacy Act
provides this protection.

The E911 text file was obtained from a system with a null password.  While
this does not excuse the person who got into the system and copied the file,
I believe that system owners should take greater measures to prevent
break-ins and unauthorized use of their systems.  There are known practices
for protecting systems.  While none of these are foolproof, they offer a high
probability for keeping intruders out and detecting those that enter.
Although the risks associated with insecure systems may not have been great
until recently, thereby justifying weak security in favor of allocating more
resources for other purposes, the risks are now sufficiently great that weak
security is inexcusable for many environments.  Moreover, systems owners may
be vulnerable to lawsuits if they do not have adequate protection for
customer information or for life-critical operations such as patient
monitoring or traffic control.
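One of the basic checks implied by the null-password point above, as an added example that is not part of the original article: it audits account files in the passwd(5)/shadow(5) format for empty password fields. The sample entries and all function names are constructed for illustration, and whether an empty field actually permits login depends on the system's login configuration.

```python
# Constructed sample data in passwd(5) / shadow(5) format; not from a real system.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/sh
operator::11:0:operator:/home/operator:/bin/sh
backup:x:34:34:backup:/var/backups:/bin/sh
guest:x:405:100:guest:/home/guest:/bin/sh
daemon:*:1:1:daemon:/usr/sbin:/usr/sbin/nologin
"""
SAMPLE_SHADOW = """\
root:$6$constructedsalt$constructedhash:19000:0:99999:7:::
backup::19000:0:99999:7:::
guest:!:19000:0:99999:7:::
"""

def parse(text):
    """Return {login: fields}, skipping blank, comment and malformed lines."""
    rows = {}
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) >= 2 and not line.startswith("#"):
            rows[fields[0]] = fields
    return rows

def classify(field):
    """Classify one password field as NULL (empty), locked, or set."""
    if field == "":
        return "NULL"      # empty field: the account has no password
    if field[0] in "!*":
        return "locked"    # no typed password can match this entry
    return "set"

def audit(passwd_text, shadow_text):
    """Return {login: status}, following the 'x' marker into the shadow file."""
    shadow = parse(shadow_text)
    result = {}
    for login, fields in parse(passwd_text).items():
        field = fields[1]
        if field == "x":   # 'x' means the real field lives in the shadow file
            entry = shadow.get(login)
            field = entry[1] if entry else None
        result[login] = "missing-shadow-entry" if field is None else classify(field)
    return result

def null_password_accounts(passwd_text, shadow_text):
    """Return the sorted logins whose effective password field is empty."""
    statuses = audit(passwd_text, shadow_text)
    return sorted(login for login, s in statuses.items() if s == "NULL")

if __name__ == "__main__":
    for login, status in audit(SAMPLE_PASSWD, SAMPLE_SHADOW).items():
        print(f"{login:10} {status}")
```

The check has to follow the `x` marker into the shadow file: in the sample, `backup` looks protected in the passwd data but has an empty field in the shadow data.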

Our current laws allow a person to be convicted of a felony for simply
entering a system through an account without a password.  I recommend we
consider adopting a policy where unauthorized entry into a system is at most
a misdemeanor if certain standards have not been followed by the owner of the
system and the damage to information on the system is not high.  However, I
recognize that it may be very difficult to set appropriate standards and to
determine whether an organization has adhered to them.

I also recommend we consider establishing a range of offenses, possibly along
the lines of those in the U. K. Computer Misuse Act, which became effective
in August 1990:

* Unauthorized access: seeking to enter a computer system, knowing that the
entry is unauthorized.  Punishable by up to six months' imprisonment.

* Unauthorized access in furtherance of a more serious crime: Punishable by
up to five years' imprisonment.

* Unauthorized modification of computer material: introducing viruses, Trojan
horses, etc., or causing malicious damage to computer files.  Punishable by
up to five years' imprisonment.

CONCLUSIONS

Making a sound assessment of the claims made in the Phrack case requires
expertise in the domains of computers, the Unix system, computer security,
phone systems, and the public literature.  Whereas Zenner brought in outside
technical expertise to help with the defense, the prosecution relied on
experts belonging to the victim, namely, employees of Bell.  The indictment
and costly trial may have been avoided if the government had consulted
neutral experts before deciding whether to pursue the charges.  The
professional community represented by ACM may be a good source of such help.

In the context of the new milieu created by computers and networks, a new
form of threat has emerged--the computer criminal capable of damaging or
disrupting the electronic infrastructure, invading people's privacy, and
performing industrial espionage.  While the costs associated with these
crimes may be small compared with computer crimes caused by company employees
and former employees, the costs are growing and are becoming significant.

For many young computer enthusiasts, illegal break-ins and phreaking are a
juvenile activity that they outgrow as they see the consequences of their
actions in the world.  However, a significant number of these hackers may go
on to become serious computer criminals.  To design an intervention that will
discourage people from entering into criminal acts, we must first understand
the hacker culture since it reveals the concerns of hackers that must be
taken into account.  We must also understand the concerns of companies and
law enforcers.  We must understand how all these perspectives interact.

The 1985 ACM Panel on Hacking [3] offered several suggestions for actions
that could be taken to reduce illegal hacking, and my own investigation
confirmed these while speculating about others [1].  Teaching computer ethics
may help, and I applaud recent efforts on the part of computer professionals
and educators to bring computer ethics not only into the classroom, but into
their professional forums for discussion.

(1) The term "hacker" originally meant anyone with a keen interest in
learning about computer systems and using them in novel and clever ways.
Many computer enthusiasts still call themselves hackers in this nonpejorative
sense.

(2) Most system managers regard any modification of system files as damage,
because they must restore these files to a state that does not permit the
intruder to re-enter the system.

References

[1] Denning, D.E. Concerning hackers who break into computer systems. In
Proceedings of the 13th National Computer Security Conference (Oct. 1990).

[2] Grampp, F.T., and Morris, R.H. UNIX operating system security. AT&T
Bell Lab. Tech. J. 63, 8 (Oct. 1984).

[3] Lee, J.A.N., Segal, G., and Stier, R. Positive alternatives: A report
on an ACM panel on hacking. Commun. ACM 29, 4 (Apr. 1986), 297-299; full
report available from ACM Headquarters, New York.

[4] Morris, R., and Thompson, K. Password security: A case history.
Commun. ACM 22, 11 (Nov. 1979).

[5] Ritchie, D. On the security of Unix. Unix programmer's manual, Section
2, AT&T Bell Laboratories.

[6] Spafford, E.H. The Internet Worm: Crisis and aftermath. Commun. ACM
32, 6 (June 1989).

[7] Stoll, C. The Cuckoo's Egg. Doubleday, N.Y. 1990.

[8] Thompson, K. Reflections on trusting trust. Turing Award Lecture,
Commun. ACM 27, 8, 761-763.